Found 5,474 results in 586ms · Match type: Filtered list

CVE Severity CVSS Risk Flags OS Vendor Published Description
CVE-2017-11909 high 7.5 8.5 EXP windows windows microsoft 9y ago ChakraCore vulnerable to remote code execution
CVE-2017-11907 high 7.5 8.5 EXP windows windows microsoft 9y ago Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2…
CVE-2017-11906 medium 5.3 6.3 EXP windows windows microsoft 9y ago Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, and Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Serv…
CVE-2017-11903 high 7.5 8.5 EXP windows windows microsoft 9y ago Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2…
CVE-2017-11893 high 7.5 8.5 EXP windows windows microsoft 9y ago ChakraCore vulnerable to remote code execution
CVE-2017-11890 high 7.5 8.5 EXP windows windows microsoft 9y ago Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allow an attacker…
CVE-2017-11885 medium 6.6 7.6 EXP windows windows 9y ago Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709…
CVE-2017-1000385 medium 5.9 6.9 EXPFIX slesdebian debian erlang 9y ago The Erlang otp TLS server answers with different TLS alerts to different error types in the RSA PKCS #1 1.5 padding. This allows an attacker to decrypt content or sign messages with the server's priv…
CVE-2017-5717 high 7.8 8.8 EXP intel 9y ago Type Confusion in Content Protection HECI Service in Intel Graphics Driver allows unprivileged user to elevate privileges via local access.
CVE-2014-8358 high 7.8 8.8 EXP 9y ago Huawei EC156, EC176, and EC177 USB Modem products with software before UTPS-V200R003B015D02SP07C1014 (23.015.02.07.1014) and before V200R003B015D02SP08C1014 (23.015.02.08.1014) use a weak ACL for the…
CVE-2017-11319 high 8.8 9.8 EXP resolver 9y ago Perspective ICM Investigation & Case 5.1.1.16 allows remote authenticated users to modify access level permissions and consequently gain privileges by leveraging insufficient validation methods and m…
CVE-2017-16921 high 8.8 9.8 EXPFIX debian debian otrs 9y ago In OTRS 6.0.x up to and including 6.0.1, OTRS 5.0.x up to and including 5.0.24, and OTRS 4.0.x up to and including 4.0.26, an attacker who is logged into OTRS as an agent can manipulate form paramete…
CVE-2017-16884 medium 6.1 7.1 EXP mistserver 9y ago Cross-site scripting (XSS) vulnerability in MistServer before 2.13 allows remote attackers to inject arbitrary web script or HTML via vectors related to failed authentication requests alerts.
CVE-2017-13156 high 7.8 8.8 EXPFIX debian debian 9y ago An elevation of privilege vulnerability in the Android system (art). Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID A-64211847.
CVE-2017-14355 high 7.8 8.8 EXP microfocus 9y ago A potential security vulnerability has been identified in HPE Connected Backup versions 8.6 and 8.8.6. The vulnerability could be exploited locally to allow escalation of privilege.
CVE-2016-1252 medium 5.9 6.9 EXPFIX debian debianubuntu ubuntu debian 9y ago The apt package in Debian jessie before 1.0.9.8.4, in Debian unstable before 1.4~beta2, in Ubuntu 14.04 LTS before 1.0.1ubuntu2.17, in Ubuntu 16.04 LTS before 1.2.15ubuntu0.2, and in Ubuntu 16.10 bef…
CVE-2017-8824 high 7.8 8.8 EXPFIX arch arch slesdebian debian 9y ago The dccp_disconnect function in net/dccp/proto.c in the Linux kernel through 4.14.3 allows local users to gain privileges or cause a denial of service (use-after-free) via an AF_UNSPEC connect system…
CVE-2017-16929 high 8.1 9.1 EXP claymore_dual_miner_project 9y ago The remote management interface on the Claymore Dual GPU miner 10.1 is vulnerable to an authenticated directory traversal vulnerability exploited by issuing a specially crafted request, allowing a re…
CVE-2017-15889 high 8.8 9.8 EXP 9y ago Command injection vulnerability in smart.cgi in Synology DiskStation Manager (DSM) before 5.2-5967-5 allows remote authenticated users to execute arbitrary commands via disk field.
CVE-2017-17090 high 7.5 8.5 EXPFIX debian debian digium 9y ago An issue was discovered in chan_skinny.c in Asterisk Open Source 13.18.2 and older, 14.7.2 and older, and 15.1.2 and older, and Certified Asterisk 13.13-cert7 and older. If the chan_skinny (aka SCCP …
CVE-2017-16953 high 7.5 8.5 EXP 9y ago connoppp.cgi on ZTE ZXDSL 831CII devices does not require HTTP Basic Authentication, which allows remote attackers to modify the PPPoE configuration or set up a malicious configuration via a GET requ…
CVE-2017-16895 high 7.8 8.8 EXP arqbackup 9y ago The (1) arq_updater, (2) arqcommitter, (3) standardrestorer, (4) arqglacierrestorer, and (5) arqs3glacierrestorer helper apps in Arq 5.x before 5.10 for Mac allow local users to gain root privileges …
CVE-2017-15357 high 7.4 8.4 EXP arqbackup 9y ago The setpermissions function in the auto-updater in Arq before 5.9.7 for Mac allows local users to gain root privileges via a symlink attack on the updater binary itself.
CVE-2017-17085 high 7.5 8.5 EXPFIX slesdebian debian wireshark 9y ago In Wireshark 2.4.0 to 2.4.2 and 2.2.0 to 2.2.10, the CIP Safety dissector could crash. This was addressed in epan/dissectors/packet-cipsafety.c by validating the packet length.
CVE-2017-1000405 high 7.0 8.0 EXPFIX slesdebian debian linux-kernel 9y ago The Linux Kernel versions 2.6.38 through 4.14 have a problematic use of pmd_mkdirty() in the touch_pmd() function inside the THP implementation. touch_pmd() can be reached by get_user_pages(). In suc…
CVE-2017-13872 high 8.1 9.1 EXP macos macos 9y ago An issue was discovered in certain Apple products. macOS High Sierra before Security Update 2017-001 is affected. The issue involves the "Directory Utility" component. It allows attackers to obtain a…
CVE-2017-17058 high 7.5 8.5 EXP automattic 9y ago The WooCommerce plugin through 3.x for WordPress has a Directory Traversal Vulnerability via a /wp-content/plugins/woocommerce/templates/emails/plain/ URI, which accesses a parent directory. NOTE: a …
CVE-2017-16952 medium 5.5 6.5 EXP kmplayer 9y ago KMPlayer 4.2.2.4 allows remote attackers to cause a denial of service via a crafted NSV file.
CVE-2017-16951 medium 5.5 6.5 EXP audiovalley 9y ago Winamp Pro 5.66 Build 3512 allows remote attackers to cause a denial of service via a crafted WAV, WMV, AU, ASF, AIFF, or AIF file.
CVE-2017-16994 medium 5.5 6.5 EXPFIX slesdebian debian linux-kernel 9y ago The walk_hugetlb_range function in mm/pagewalk.c in the Linux kernel before 4.14.2 mishandles holes in hugetlb ranges, which allows local users to obtain sensitive information from uninitialized kern…
CVE-2017-16962 medium 6.1 7.1 EXP communigate 9y ago The WebMail components (Crystal, pronto, and pronto4) in CommuniGate Pro before 6.2.1 have stored XSS vulnerabilities via (1) the location or details field of a Google Calendar invitation, (2) a craf…
CVE-2017-16944 high 7.5 8.5 EXPFIX arch archdebian debian exim 9y ago The receive_msg function in receive.c in the SMTP daemon in Exim 4.88 and 4.89 allows remote attackers to cause a denial of service (infinite loop and stack exhaustion) via vectors involving BDAT com…
CVE-2017-16939 high 7.8 8.8 EXPFIX slesdebian debian linux-kernel 9y ago The XFRM dump policy implementation in net/xfrm/xfrm_user.c in the Linux kernel before 4.13.11 allows local users to gain privileges or cause a denial of service (use-after-free) via a crafted SO_RCV…
CVE-2017-16902 high 7.5 8.5 EXP 9y ago On the Vonage VDV-23 115 3.2.11-0.9.40 home router, sending a long string of characters in the loginPassword and/or loginUsername field to goform/login causes the router to reboot.
CVE-2017-16894 high 7.5 8.5 EXPFIX debian debian laravel 9y ago In Laravel framework through 5.5.21, remote attackers can obtain sensitive information (such as externally usable passwords) via a direct request for the /.env URI. NOTE: this CVE is only about Larav…
CVE-2017-6168 high 7.4 8.4 EXP f5 9y ago On BIG-IP versions 11.6.0-11.6.2 (fixed in 11.6.2 HF1), 12.0.0-12.1.2 HF1 (fixed in 12.1.2 HF2), or 13.0.0-13.0.0 HF2 (fixed in 13.0.0 HF3) a virtual server configured with a Client SSL profile may b…
CVE-2017-1000170 high 7.5 8.5 EXP jqueryfiletree_project 9y ago jqueryFileTree vulnerable to Directory Traversal
CVE-2017-16819 medium 5.4 6.4 EXP 9y ago A stored cross-site scripting vulnerability in the Icon Time Systems RTC-1000 v2.5.7458 and earlier time clock allows remote attackers to inject arbitrary JavaScript in the nameFirst (aka First Name)…
CVE-2017-16843 medium 5.4 6.4 EXP 9y ago Vonage VDV-23 115 3.2.11-0.9.40 devices have stored XSS via the NewKeyword or NewDomain field to /goform/RgParentalBasic.
CVE-2017-16777 high 7.8 8.8 EXP hashicorp 9y ago If HashiCorp Vagrant VMware Fusion plugin (aka vagrant-vmware-fusion) 5.0.3 is installed but VMware Fusion is not, a local attacker can create a fake application directory and exploit the suid sudo h…
CVE-2017-16841 medium 6.1 7.1 EXP lansweeper 9y ago LanSweeper 6.0.100.75 has XSS via the description parameter to /Calendar/CalendarActions.aspx.
CVE-2017-16836 medium 6.1 7.1 EXP 9y ago Arris TG1682G devices with Comcast TG1682_2.0s7_PRODse 10.0.59.SIP.PC20.CT software allow Unauthenticated Stored XSS via the actionHandler/ajax_managed_services.php service parameter.
CVE-2017-15806 high 8.1 9.1 EXP zetacomponents 9y ago Zeta Components Mail Arbitrary code execution via a crafted email address
CVE-2017-15271 medium 5.9 6.9 EXP psftp 9y ago A use-after-free issue could be triggered remotely in the SFTP component of PSFTPd 10.0.4 Build 729. This issue could be triggered prior to authentication. The PSFTPd server did not automatically res…
CVE-2017-15270 medium 5.3 6.3 EXP psftp 9y ago The PSFTPd 10.0.4 Build 729 server does not properly escape data before writing it into a Comma Separated Values (CSV) file. This can be used by attackers to hide data in the Graphical User Interface…
CVE-2017-14961 high 7.8 8.8 EXP ikarussecurity 9y ago In IKARUS anti.virus 2.16.7, the ntguard.sys driver contains an Arbitrary Write vulnerability because of not validating input values from IOCtl 0x8300000c.
CVE-2017-7851 high 8.8 9.8 EXP 9y ago D-Link DCS-936L devices with firmware before 1.05.07 have an inadequate CSRF protection mechanism that requires the device's IP address to be a substring of the HTTP Referer header.
CVE-2017-11873 high 7.5 8.5 EXP windows windows microsoft 9y ago ChakraCore and Microsoft Edge in Windows 10 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to gain the same user rights as the current user, due to ho…
CVE-2017-11870 high 7.5 8.5 EXP windows windows microsoft 9y ago Chakra Core vulnerable to privilege escalation when writing to JavaScript null scope objects
CVE-2017-11861 high 7.5 8.5 EXP windows windows microsoft 9y ago Microsoft Edge in Windows 10 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to gain the same user rights as the current user, due to how the scripting engin…
CVE-2017-11855 high 7.5 8.5 EXP windows windows microsoft 9y ago Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2…
CVE-2017-11841 high 7.5 8.5 EXP windows windows microsoft 9y ago ChakraCore and Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to gain the same user rights as the current user, due…
CVE-2017-11840 high 7.5 8.5 EXP windows windows microsoft 9y ago ChakraCore and Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to gain the same user rights as the current user, due…
CVE-2017-11839 high 7.5 8.5 EXP windows windows microsoft 9y ago Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to take control of an affected system, due to how the scripting engi…
CVE-2017-11831 medium 4.7 5.7 EXP windows windows 9y ago Windows kernel in Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016, and Windows Serv…
CVE-2017-11830 medium 5.3 6.3 EXP windows windows 9y ago Device Guard in Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016, and Windows Server, version 1709 allows an attacker to make an unsigned file appear to be signed, due to a security f…
CVE-2017-12636 high 7.2 8.2 EXPFIX arch arch sles apache 9y ago multiple issues in couchdb
CVE-2017-16807 medium 5.4 6.4 EXP getkirby 9y ago Kirby XSS Vulnerability
CVE-2017-16806 high 7.5 8.5 EXP ulterius 9y ago The Process function in RemoteTaskServer/WebServer/HttpServer.cs in Ulterius before 1.9.5.0 allows HTTP server directory traversal.
CVE-2017-13849 medium 5.5 6.5 EXPFIX macos macos 9y ago An issue was discovered in certain Apple products. iOS before 11.1 is affected. tvOS before 11.1 is affected. watchOS before 4.1 is affected. The issue involves the "CoreText" component. It allows re…
CVE-2017-13802 high 8.8 9.8 EXPFIX macos macosdebian debian apple 9y ago An issue was discovered in certain Apple products. iOS before 11.1 is affected. Safari before 11.0.1 is affected. iCloud before 7.1 on Windows is affected. iTunes before 12.7.1 on Windows is affected…
CVE-2017-13798 high 8.8 9.8 EXPFIX macos macosdebian debian apple 9y ago An issue was discovered in certain Apple products. iOS before 11.1 is affected. Safari before 11.0.1 is affected. iCloud before 7.1 on Windows is affected. iTunes before 12.7.1 on Windows is affected…
CVE-2017-13797 high 8.8 9.8 EXPFIX macos macos apple 9y ago An issue was discovered in certain Apple products. iOS before 11.1 is affected. Safari before 11.0.1 is affected. iCloud before 7.1 on Windows is affected. iTunes before 12.7.1 on Windows is affected…
CVE-2017-13796 high 8.8 9.8 EXPFIX macos macosdebian debian apple 9y ago An issue was discovered in certain Apple products. iOS before 11.1 is affected. Safari before 11.0.1 is affected. iCloud before 7.1 on Windows is affected. iTunes before 12.7.1 on Windows is affected…
CVE-2017-13795 high 8.8 9.8 EXPFIX macos macosdebian debian apple 9y ago An issue was discovered in certain Apple products. iOS before 11.1 is affected. Safari before 11.0.1 is affected. iCloud before 7.1 on Windows is affected. iTunes before 12.7.1 on Windows is affected…
CVE-2017-13794 high 8.8 9.8 EXPFIX macos macosdebian debian apple 9y ago An issue was discovered in certain Apple products. iOS before 11.1 is affected. Safari before 11.0.1 is affected. iCloud before 7.1 on Windows is affected. iTunes before 12.7.1 on Windows is affected…
CVE-2017-13792 high 8.8 9.8 EXPFIX macos macosdebian debian apple 9y ago An issue was discovered in certain Apple products. iOS before 11.1 is affected. Safari before 11.0.1 is affected. iCloud before 7.1 on Windows is affected. iTunes before 12.7.1 on Windows is affected…
CVE-2017-13791 high 8.8 9.8 EXPFIX macos macosdebian debian apple 9y ago An issue was discovered in certain Apple products. iOS before 11.1 is affected. Safari before 11.0.1 is affected. iCloud before 7.1 on Windows is affected. iTunes before 12.7.1 on Windows is affected…
CVE-2017-13785 high 8.8 9.8 EXPFIX macos macosdebian debian apple 9y ago An issue was discovered in certain Apple products. iOS before 11.1 is affected. Safari before 11.0.1 is affected. iCloud before 7.1 on Windows is affected. iTunes before 12.7.1 on Windows is affected…
CVE-2017-13784 high 8.8 9.8 EXPFIX macos macosdebian debian apple 9y ago An issue was discovered in certain Apple products. iOS before 11.1 is affected. Safari before 11.0.1 is affected. iCloud before 7.1 on Windows is affected. iTunes before 12.7.1 on Windows is affected…
CVE-2017-13783 high 8.8 9.8 EXPFIX macos macosdebian debian apple 9y ago An issue was discovered in certain Apple products. iOS before 11.1 is affected. Safari before 11.0.1 is affected. iCloud before 7.1 on Windows is affected. iTunes before 12.7.1 on Windows is affected…
CVE-2017-16781 medium 5.4 6.4 EXP mybb 9y ago The installer in MyBB before 1.8.13 has XSS.
CVE-2017-16568 medium 5.4 6.4 EXP logitech 9y ago Persistent Cross-Site Scripting (XSS) vulnerability in Logitech Media Server 7.9.0, affecting the "Radio" functionality. This vulnerability allows attackers to inject malicious JavaScript payloads, w…
CVE-2017-16567 medium 5.4 6.4 EXP logitech 9y ago Persistent Cross-Site Scripting (XSS) vulnerability in Logitech Media Server 7.9.0, affecting the "Favorites" feature. This vulnerability allows remote attackers to inject and permanently store malic…
CVE-2017-16249 high 7.5 8.5 EXP 9y ago The Debut embedded http server contains a remotely exploitable denial of service where a single malformed HTTP POST request can cause the server to hang until eventually replying (~300 seconds) with …
CVE-2017-12969 high 8.8 9.8 EXP avaya 9y ago Buffer overflow in the ViewerCtrlLib.ViewerCtrl ActiveX control in Avaya IP Office Contact Center before 10.1.1 allows remote attackers to cause a denial of service (heap corruption and crash) or exe…
CVE-2017-16642 high 7.5 8.5 EXP slesdebian debianubuntu ubuntu phpnetapp 9y ago In PHP before 5.6.32, 7.x before 7.0.25, and 7.1.x before 7.1.11, an error in the date extension's timelib_meridian handling of 'front of' and 'back of' directives could be used by attackers able to …
CVE-2017-6331 high 7.1 8.1 EXP symantec 9y ago Prior to SEP 14 RU1 Symantec Endpoint Protection product can encounter an issue of Tamper-Protection Bypass, which is a type of attack that bypasses the real time protection for the application that …
CVE-2017-14016 medium 6.3 7.3 EXP advantech 9y ago A Stack-based Buffer Overflow issue was discovered in Advantech WebAccess versions prior to V8.2_20170817. The application lacks proper validation of the length of user-supplied data prior to copying…
CVE-2017-16001 high 7.8 8.8 EXP hashicorp 9y ago In HashiCorp Vagrant VMware Fusion plugin (aka vagrant-vmware-fusion) 5.0.1, a local attacker or malware can silently subvert the plugin update process in order to escalate to root privileges.
CVE-2017-16570 high 8.8 9.8 EXP keystonejs 9y ago Cross-Site Request Forgery (CSRF) in keystone
CVE-2017-16524 high 8.8 9.8 EXP hanwhasecurity 9y ago Web Viewer 1.0.0.193 on Samsung SRN-1670D devices suffers from an Unrestricted file upload vulnerability: 'network_ssl_upload.php' allows remote authenticated attackers to upload and execute arbitrar…
CVE-2017-16542 high 8.8 9.8 EXP zohocorp 9y ago Zoho ManageEngine Applications Manager 13 before build 13500 allows Post-authentication SQL injection via the name parameter in a manageApplications.do?method=insert request.
CVE-2017-16513 high 7.8 8.8 EXP ipswitch 9y ago Ipswitch WS_FTP Professional before 12.6.0.3 has buffer overflows in the local search field and the backup locations field, aka WSCLT-1729.
CVE-2017-16237 high 7.8 8.8 EXP tgsoft 9y ago In Vir.IT eXplorer Anti-Virus before 8.5.42, the driver file (VIAGLT64.SYS) contains an Arbitrary Write vulnerability because of not validating input values from IOCtl 0x8273007C.
CVE-2017-12243 high 7.8 8.8 EXP 9y ago A vulnerability in the Cisco Unified Computing System (UCS) Manager, Cisco Firepower 4100 Series Next-Generation Firewall (NGFW), and Cisco Firepower 9300 Security Appliance could allow an authentica…
CVE-2017-15918 high 7.8 8.8 EXP ignitum 9y ago Sera 1.2 stores the user's login password in plain text in their home directory. This makes privilege escalation trivial and also exposes the user and system keychains to local attacks.
CVE-2017-16353 medium 6.5 7.5 EXPFIX slesdebian debian graphicsmagick 9y ago GraphicsMagick 1.3.26 is vulnerable to a memory information disclosure vulnerability found in the DescribeImage function of the magick/describe.c file, because of a heap-based buffer over-read. The p…
CVE-2017-16352 high 8.8 9.8 EXPFIX slesdebian debian graphicsmagick 9y ago GraphicsMagick 1.3.26 is vulnerable to a heap-based buffer overflow vulnerability found in the "Display visual image directory" feature of the DescribeImage() function of the magick/describe.c file. …
CVE-2017-16244 high 8.8 9.8 EXP octobercms 9y ago October CMS CSRF
CVE-2017-15884 high 7.0 8.0 EXP hashicorp 9y ago In HashiCorp Vagrant VMware Fusion plugin (aka vagrant-vmware-fusion) 5.0.0, a local attacker or malware can silently subvert the plugin update process in order to escalate to root privileges.
CVE-2017-15950 high 7.8 8.8 EXP flexense 9y ago Flexense SyncBreeze Enterprise version 10.1.16 is vulnerable to a buffer overflow that can be exploited for arbitrary code execution. The flaw is triggered by providing a long input into the "Destina…
CVE-2017-15921 high 7.5 8.5 EXP watchdogdevelopment 9y ago In Watchdog Anti-Malware 2.74.186.150 and Online Security Pro 2.74.186.150, the zam32.sys driver contains a NULL pointer dereference vulnerability that gets triggered when sending an operation to ioc…
CVE-2017-15920 high 7.5 8.5 EXP watchdogdevelopment 9y ago In Watchdog Anti-Malware 2.74.186.150 and Online Security Pro 2.74.186.150, the zam32.sys driver contains a NULL pointer dereference vulnerability that gets triggered when sending an operation to ioc…
CVE-2017-7411 high 8.8 9.8 EXP enalean 9y ago An issue was discovered in Enalean Tuleap 9.6 and prior versions. The vulnerability exists because the User::getRecentElements() method is using the unserialize() function with a preference value tha…
CVE-2017-15957 high 8.8 9.8 EXP ingenious_school_management_system_project 9y ago my_profile.php in Ingenious School Management System 2.3.0 allows a student or teacher to upload an arbitrary file.
CVE-2017-15956 high 7.5 8.5 EXP converto_video_downloader_\&_converter_project 9y ago ConverTo Video Downloader & Converter 1.4.1 allows Arbitrary File Download via the token parameter to download.php.
CVE-2017-15879 high 8.8 9.8 EXP keystonejs 9y ago Keystone is vulnerable to CSV injection
CVE-2017-15878 medium 6.1 7.1 EXP keystonejs 9y ago Cross-Site Scripting in keystone
CVE-2017-15223 medium 5.3 6.3 EXP argosoft 9y ago Denial-of-service vulnerability in ArGoSoft Mini Mail Server 1.0.0.2 and earlier allows remote attackers to waste CPU resources (memory consumption) via unspecified vectors, possibly triggering an in…